<?php
session_start();
require_once('../lib.php');
if( isset($_GET['act']) && $_GET['act'] != ''){
	$act = $_GET['act'];
	switch($act){
		case "login": 	{	
			if( isset($_GET['val']) && $_GET['val'] != ''){
					  $val = $_GET['val']; //print_r ($val);
					  echo login_user($val);
			}
			else{ echo '0';	}
			break;
		}
		default:		{
			echo 'Truyền lệnh sai - Không được phép truy cập trực tiếp';
			break;
		}
	}
}
	
	
function login_user($val){
	$var_array = read_var ($val);
	include("../connect.php");

	$command = 'SELECT `id`, `username`, `permission` FROM `user_account` WHERE `username`="'.$var_array['uname'].'" AND `password`="'.$var_array['upass'].'"';
	$result = mysql_query($command,$conn);
	$query_num = mysql_num_rows($result);
	if($query_num==1){	
		while ($row = mysql_fetch_row($result)) {
			$_SESSION[sess_login]['id'] = $row[0];
			$_SESSION[sess_login]['username'] = $row[1];
			$_SESSION[sess_login]['permission'] = $row[2];
		}
		return '1';
	}
	else{
		return '0';
	}
	mysql_free_result($result);
	mysql_close($conn);
}

?>